• Paradachshund@lemmy.today
    2 years ago

    Everyone talks about password managers these days, but isn’t that telling the hackers exactly where to go to get all your passwords? Seems like a much higher chance of catastrophic failure to me if you have a single point of entry.

    • moonmeow@lemmy.ml
      2 years ago

      Yes that’s definitely a concern to keep in mind.

      The problem is that if someone doesn’t use a password manager they’re more likely to reuse weak ones.

      Using a password manager is a better path, as long as there is awareness on how to keep it secured.

      • Browning@lemmings.world
        2 years ago

        I use the same password for every site, but I put the name of the site at the end of the password.
        For example:
        NotmypassB3ta.
        NotmypassGoogle.
        NotmypassLemmy. Etc.
        I figure it might stop the most lazy of attacks.

        • Droechai@lemm.ee
          2 years ago

          I had something similar but ran into issues with sites requiring specific symbols, disallowing certain symbols and limiting lengths or similar

          • wewbull@iusearchlinux.fyi
            2 years ago

            That annoys me so much. Especially when the randomly generated line noise password I’m using doesn’t happen to include one of the three punctuation characters they need to be “secure”.

        • itslilith@lemmy.blahaj.zone
          2 years ago

          I’m using KeePassXC, which has a browser integration that is quite good, and a local database. I synchronize it to my devices (using Syncthing, so it’s p2p). The database is encrypted with a pretty good password, and a key file. The key file has never and will hopefully never be transported via the internet. The database is synced to a server I’ve rented as well, but never the key.

          It’s not perfect, but potential attackers would need to

          a) have access to one of my daily devices (the server won’t be enough, since they need the key file)

          b) crack my password

          Obviously, for someone dedicated this is still quite reasonable, but then again, I don’t think that’s my threat profile. The chance of getting caught up in a larger breach is basically zero once you use your own solution, and it should be reasonably safe, if you don’t do anything stupid.
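The password-plus-key-file setup described in the comment above, as an added example that is not part of the original post and is not KeePassXC's own code. It is a simplified model (not the KDBX file format): the function names, the HMAC unlock check and the sample password are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional

CHECK = b"unlock-check"  # constant authenticated with the derived key

def composite_key(password: str, key_file: Optional[bytes], salt: bytes) -> bytes:
    """Derive a 32-byte key from the password and, if given, the key file."""
    material = hashlib.sha256(password.encode("utf-8")).digest()
    if key_file is not None:
        # The key file contributes its own hash, so both factors are required.
        material += hashlib.sha256(key_file).digest()
    pre_key = hashlib.sha256(material).digest()
    # Stretching slows down guessing of the password factor.
    return hashlib.pbkdf2_hmac("sha256", pre_key, salt, 100_000, dklen=32)

def seal(password: str, key_file: Optional[bytes]) -> dict:
    """Build the header that would be synced (stand-in for the encrypted database)."""
    salt = secrets.token_bytes(16)
    key = composite_key(password, key_file, salt)
    return {"salt": salt, "tag": hmac.new(key, CHECK, hashlib.sha256).digest()}

def can_unlock(header: dict, password: str, key_file: Optional[bytes]) -> bool:
    """Return True only if the supplied factors reproduce the stored tag."""
    key = composite_key(password, key_file, header["salt"])
    expected = hmac.new(key, CHECK, hashlib.sha256).digest()
    return hmac.compare_digest(expected, header["tag"])

def demo() -> dict:
    password = "constructed sample passphrase"  # constructed sample value
    key_file = secrets.token_bytes(32)          # stays on the daily devices only
    header = seal(password, key_file)           # this part is synced to the server
    return {
        "device_with_both_factors": can_unlock(header, password, key_file),
        "server_copy_right_password_no_key_file": can_unlock(header, password, None),
        "key_file_but_wrong_password": can_unlock(header, "wrong guess", key_file),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {ok}")
```

With a random 32-byte key file, a copy of the database taken from the server cannot be unlocked by password guessing alone, which is the property the comment relies on.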

        • Hexarei@programming.dev
          2 years ago

          I store mine in a self-hosted Nextcloud instance; KeePassDX on Android supports accessing it directly. Works perfectly and even provides an autofill service for Android. Very easy and very convenient.

        • Rodeo@lemmy.ca
          2 years ago

          That’s the neat part, you don’t.

          Security and convenience are opposites. You have to decide if you want a local-only manager that is more secure, a sync service like Syncthing that you can set up yourself, or a third-party cloud app like LastPass (which has been compromised at least once that I know of).

          Personally I just do all my email and banking on my desktop at home, and it’s actually only inconvenienced me a few times over the years.

          • Hexarei@programming.dev
            2 years ago

            I store mine in a self-hosted Nextcloud instance accessible only via a Nebula overlay network (alternative to Tailscale) and it’s both convenient and secure.